CSCI-370/EENG-480 Computer Networks - PowerPoint PPT Presentation

1
CSCI-370/EENG-480 Computer Networks
  • Khurram Kazi

2
IPv6
  • Around 1990 the IETF started to get worried that
    the IPv4 address space was too small
  • The situation was exacerbated both by the success
    of the Internet and by the dramatic growth of PCs
    in the home and the office.
  • Routers were becoming sophisticated and networks
    more complex
  • The number of IP addresses assigned to identify
    interfaces rather than nodes was growing at the
    square of the rate of new routers
  • People started to imagine that everything one can
    think of would be connected to the NET
  • The dream was that, sitting in the office, one
    could monitor and control the home remotely using
    the Internet, etc. (still a dream)
  • Cell phone and mobile equipment usage has grown
    and continues to grow at a tremendous rate
  • In 1994 the IETF projected that IPv4 addresses
    would run out somewhere between 2005 and 2011
  • Hence the need for a next generation protocol
    that will at minimum increase the size of the
    address space.

3
IPv6
  • RFC 1752 summarizes the requirements for the next
    generation Internet Protocol. This allowed the
    developers of the new protocol to consider all of
    the limitations of IPv4 at the same time. Some of
    the constraints were:
  • Provide unreliable datagram service (as IPv4)
  • Support unicast and multicast
  • Ensure that addressing is adequate beyond the
    foreseeable future
  • Be backward compatible with IPv4 so that existing
    networks do not need to be renumbered or
    reinstalled, yet provide a migration path from
    IPv4 to IPv6
  • Provide support for authentication and encryption
  • There must be support for mobile hosts and
    networks, and internetworks
  • Allow users to build private networks on top of
    the basic internet infrastructure

4
IPv6
  • The major difference between IPv4 and IPv6 is the
    address
  • An IPv6 address is 128 bits (16 octets)
  • This allows the possibility of encoding all sorts
    of additional and interesting information in the
    address
  • A 128-bit address allows 2^128 distinct addresses
  • Roughly 5 × 10^28 addresses for every human on
    earth today (whereas IPv4 has the scope for 2/3
    of an address per person)

5
IPv6 datagram
6
IPv6 Headers Explained (RFC 1883)
  • Version: Version 6 (v6)
  • Priority: The source host can use this 4-bit
    field to indicate a desired priority for delivery
    of the datagram. It is similar to the IPv4 Type
    of Service field
  • Flow Label: This field allows flows to be
    identified and efficiently processed and routed.
    The RFC lists flows as experimental, but states
    that they might be used for special handling or
    real-time services that require sequential
    delivery. The flow label allows each packet to
    be labeled
  • Payload Length: This field indicates the length
    of the payload following the IPv6 header.

7
IPv6 Headers Explained (RFC 1883)
  • Next Header: This 8-bit field indicates what kind
    of header follows this header. This may be the
    type of protocol used in the payload (e.g. TCP
    or UDP). It may also be used to indicate IPv6
    extension headers
  • Hop Limit: This 8-bit field, similar in function
    to the Time to Live field in IPv4, is more
    formally defined as the maximum number of times a
    packet may be forwarded. The value is decremented
    by 1 by each node that forwards the packet. The
    packet is discarded if the Hop Limit is
    decremented to zero
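An added example (my code, not from the slides) that decodes the fixed header fields of slides 6 and 7 from raw bytes using the RFC 1883 layout (4-bit Priority, 24-bit Flow Label) and applies the Hop Limit rule of a forwarding node. The sample packet and the check that the captured bytes really contain the advertised Payload Length are my constructions.

```python
import ipaddress
import struct

# Constructed sample (not a captured packet): a 40-byte IPv6 header in the
# RFC 1883 layout (4-bit Version, 4-bit Priority, 24-bit Flow Label) followed
# by a 20-byte payload. Priority 7, Flow Label 0x123456, Next Header 6 (TCP),
# Hop Limit 2, from 2033::c67 to 2033:0:123:fd:a::c67.
SAMPLE_PACKET = (
    bytes([0x67, 0x12, 0x34, 0x56])                         # Version | Priority | Flow Label
    + (20).to_bytes(2, "big")                               # Payload Length
    + bytes([6, 2])                                         # Next Header, Hop Limit
    + ipaddress.IPv6Address("2033::c67").packed             # Source address
    + ipaddress.IPv6Address("2033:0:123:fd:a::c67").packed  # Destination address
    + b"\x00" * 20                                          # payload (contents irrelevant here)
)


def parse_ipv6_header(buf):
    """Decode the fixed header fields named on the slides from raw bytes."""
    if len(buf) < 40:
        raise ValueError("buffer shorter than the 40-byte IPv6 header")
    first_word, payload_len, next_hdr, hop_limit, src, dst = struct.unpack(
        "!IHBB16s16s", buf[:40])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version {version})")
    # The advertised Payload Length must actually be present: a shorter
    # buffer is a truncated or forged packet and must not be parsed further.
    if len(buf) - 40 < payload_len:
        raise ValueError("payload length exceeds the captured bytes")
    return {
        "version": version,
        "priority": (first_word >> 24) & 0xF,     # 4 bits in RFC 1883
        "flow_label": first_word & 0xFFFFFF,      # 24 bits in RFC 1883
        "payload_length": payload_len,
        "next_header": next_hdr,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


def forward(buf):
    """Hop Limit rule of a forwarding node: decrement by one, and discard
    (return None) when the limit would reach zero."""
    hdr = parse_ipv6_header(buf)
    if hdr["hop_limit"] <= 1:
        return None   # discarded; the ICMPv6 Time Exceeded reply is not modelled
    return buf[:7] + bytes([hdr["hop_limit"] - 1]) + buf[8:]
```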

8
IPv6 Address Representation
Full address                2033:0000:0123:00FD:000A:0000:0000:0C67
Omitting leading zeros      2033:0:123:FD:A:0:0:C67
Omitting whole zero words   2033:0:123:FD:A::C67
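Added example, not from the slides: the two steps of slide 8 written as a general routine, so it works for any 128-bit address, picks the longest run of zero words for the "::" and keeps a lone zero word as "0" (the RFC 5952 rule that "::" only replaces two or more words). Uppercase hex is kept to match the slide.

```python
import re


def expand_ipv6(full_hex):
    """Split a 128-bit address given as 32 hex digits (colons optional, as on
    the slide) into its eight 16-bit words."""
    digits = full_hex.replace(":", "").upper()
    if not re.fullmatch(r"[0-9A-F]{32}", digits):
        raise ValueError("need exactly 32 hex digits")
    return [digits[i:i + 4] for i in range(0, 32, 4)]


def omit_leading_zeros(words):
    """Step 1 on the slide: drop the leading zeros of each word ('0000' -> '0')."""
    return [w.lstrip("0") or "0" for w in words]


def longest_zero_run(words):
    """Start and length of the longest run of zero words; first run wins ties."""
    best_start, best_len, i = -1, 0, 0
    while i < len(words):
        if words[i] != "0":
            i += 1
            continue
        j = i
        while j < len(words) and words[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    return best_start, best_len


def compress_ipv6(full_hex):
    """Step 2 on the slide: replace the longest run of whole zero words with
    '::'. Used at most once, and only for two or more words (RFC 5952), so
    a lone zero word stays as '0' exactly as on the slide."""
    words = omit_leading_zeros(expand_ipv6(full_hex))
    start, length = longest_zero_run(words)
    if length < 2:
        return ":".join(words)
    return ":".join(words[:start]) + "::" + ":".join(words[start + length:])
```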
9
Special Topics and Recent Trends in Networking
  • Ethernet Services Over Metro and Wide Area
    Networks: Standards Activities

10
What is so special about Ethernet?
  • Why Ethernet, why not anything else?
  • The major driving factor is human mentality
  • Familiarity breeds the desire to keep using it
    until there is no other choice
  • Build on the existing know-how and extend its
    capabilities to meet future needs
  • Reduced capital expenditure (economies of scale)
    and operational costs
  • Is it reality or perception?
  • There will be more feedback in the near future as
    carriers have started to deploy these services
  • Connect multiple enterprise campuses via Ethernet
    Services using the public WAN infrastructure,
    whether they are across the street in the same
    metro area or across the globe

11
Who is defining Ethernet standards
  • IEEE has been the pioneering standards body in
    defining (wired and wireless) Ethernet standards,
    primarily for Enterprise applications. They are
    working on defining Metro Wireless standards
    along with last mile Ethernet Solutions
  • Metro Ethernet Forum (MEF) took the initiative to
    bring Carrier Class Ethernet Services across the
    Metro networks building on IEEE work
  • MEF defined the Ethernet services in such a way
    that they are transport technology agnostic
  • Internet Engineering Task Force (IETF)
  • MPLS as the foundation of defining such services
  • International Telecommunication Union (ITU)
  • Defining Ethernet Services over SONET/G.709
    (OTH) Virtual Concatenation, Link Capacity
    Adjustment Scheme (LCAS), Generic Framing
    Procedure (GFP)

12
Are SONET and SDH that different?
  • For all practical purposes at a high level of
    abstraction there is hardly any difference
    between SONET and SDH
  • Both support similar data rates
  • STS-1 corresponds to STM-0
  • STS-3 corresponds to STM-1, etc.
  • So the SONET/SDH term will be used
    interchangeably in this presentation

13
Fundamentals of Services definition
  • Services are defined in observable terms with
    clear demarcation points between the subscriber's
    and the Service Provider's equipment
  • Subscriber equipment is called the Customer Edge
    (CE)
  • At the CE, the observable parameters are defined
    which become the basis for Service Level
    Agreements (SLAs)
  • The physical demarcation point between the
    subscriber and the Service Provider is termed the
    User-to-Network Interface (UNI)
  • Hence all the services are defined between two
    or more UNIs
  • The underlying networking technology is invisible
    to the subscriber
  • These simple yet powerful definitions have allowed
    almost 100 million Ethernet compliant devices to
    take advantage of these services

14
Non abstract meaning of UNI (User to Network
Interface)
  • UNI can be envisioned as a physical RJ-45 socket
    which can reside on an Ethernet Switch or a patch
    panel provided by the Service Provider
  • The physical aspect of turning on an Ethernet
    Service can be simply plugging in the right
    equipment at this Ethernet jack
  • The connection can be at 10 Mb/s, 100 Mb/s, 1
    Gb/s or 10 Gb/s if Ethernet is used as the
    physical layer between the subscriber and the
    Service Provider
  • If the subscriber initially wants 10 Mb/s and
    later requires 100 Mb/s, only the provisioning of
    the service is changed and not the physical link
    making it future growth friendly
  • If SONET is used, the physical link rates can be
    multiples of STS-1s or at lower sub-rates of
    STS-1 (based on VT structure)

15
Service Frames and Frame Delivery
  • Service frames are similar to the Ethernet frames
    without the preamble and the Start of Frame
    Delimiter
  • It starts with the Destination address and ends
    with the Frame Check Sequence
  • Frame is considered ingress frame when it enters
    the Metro Ethernet Network and egress frame when
    it exits the network
  • Service frame transparency is maintained between
    the two UNIs as the frame traverses the Metro
    Network, with some exceptions:
  • An egress service frame may carry an 802.1Q tag
    when the corresponding ingress frame did not
  • Likewise the egress frame may lack the tag while
    the ingress frame had it
  • The tag values of the ingress frame and the
    egress frame may differ

16
Fundamentals of Services definition: Ethernet
Virtual Connection (EVC)
  • An EVC is defined as an instance of an
    association of two or more UNIs
  • Why did the EVC need to be defined?
  • A Metro Ethernet Network (MEN) can be visualized
    as a shared medium where an ingress frame is
    replicated and delivered to all the UNIs
  • The concept works OK within a LAN, as it belongs
    to the same organization or entity
  • Not a good idea when the data traverses the
    public network
  • Traffic Isolation
  • A methodology needs to be devised so that
    subscriber data is only transported and/or
    replicated to authorized UNIs and not to any
    other UNIs sharing the same MEN
  • Hence the concept of VIRTUALIZATION of the
    Connection to provide traffic isolation

17
Example illustrating EVC Concepts: Two Service
instantiations
  • EVC1: defined between 2 UNIs, HQ and the backup
    center
  • Point to Point service
  • All the ingress frames will be exchanged between
    the 2 UNIs with the exception of control messages
    (terminated by the MEN)
  • EVC2: defined between the HQ, the Engineering
    facility and the 2 sales regions
  • Multipoint to multipoint service
  • Supports unicast and multicast traffic between
    the UNIs defined in the EVC group
  • Generally speaking there can be more than one
    service instance
  • More than one EVC defined for a virtual network

18
CE-VLAN ID
  • There are 4095 CE-VLAN (Virtual Local Area
    Network) IDs and the ID numbers range over 1, 2,
    ..., 4095
  • The VLAN ID is extracted from the content of the
    Service Frame in the following manner:
  • For a Service Frame that has an IEEE 802.1Q Tag
    and the 12 bit VLAN ID in the Tag is not zero,
    the CE-VLAN ID is equal to the VLAN ID in the
    Tag.
  • Untagged and priority tagged Service Frames have
    the same CE-VLAN ID, and the CE-VLAN ID value is
    configurable to any value in the range 1, ...,
    4094 at each UNI.
  • An Ethernet frame with an IEEE 802.1Q Tag that
    has zero as the VLAN ID is called priority
    tagged.
  • Untagged and priority tagged frames are handled
    as if they belong to a default VLAN, and the
    default VLAN is configured appropriately on each
    port of the Network Element, which can be an
    Ethernet Switch

19
CE-VLAN ID/EVC Mapping
  • At each UNI, the CE-VLAN ID has to be associated
    with an EVC ID
  • EVC ID is an arbitrary string administered by the
    Service Provider
  • A VLAN ID of 2 is delivered through the MEN
    according to the properties of the Red EVC
  • A VLAN ID of 1 is delivered through the MEN
    according to the properties of the Blue EVC
  • Any Service Frame with a Tag ID other than 1, 2
    or 4094 will be dropped by the MEN, as there is
    no EVC associated with it
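Added example (my code, not the MEF's) combining the CE-VLAN ID rule of slide 18 with the CE-VLAN ID to EVC mapping of slide 19, which is the mechanism that keeps one subscriber's frames out of another's EVC. The CE-VLAN ID 4094 for untagged and priority-tagged frames and the EVC it maps to are assumptions, and the frames are constructed, not captured.

```python
import struct

TPID_8021Q = 0x8100


def ce_vlan_id(frame, untagged_ce_vlan_id):
    """Slide 18 rule: an 802.1Q tag with VID != 0 gives the CE-VLAN ID;
    untagged and priority-tagged (VID 0) frames get the UNI's configured one."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF            # low 12 bits of the TCI
        if vid != 0:
            return vid
    return untagged_ce_vlan_id


class UniIngress:
    """Ingress side of one UNI: the CE-VLAN ID -> EVC ID map that the Service
    Provider administers (slide 19)."""

    def __init__(self, untagged_ce_vlan_id, vlan_to_evc):
        self.untagged_ce_vlan_id = untagged_ce_vlan_id
        self.vlan_to_evc = dict(vlan_to_evc)

    def classify(self, frame):
        """EVC ID that carries the frame, or None when the MEN drops it
        because no EVC is associated with its CE-VLAN ID."""
        return self.vlan_to_evc.get(ce_vlan_id(frame, self.untagged_ce_vlan_id))


# Constructed sample frames (not captures): destination, source, then either
# an 802.1Q tag (TPID 0x8100, TCI = PCP<<13 | DEI<<12 | VID) or a plain
# EtherType, followed by a zero-filled minimum-size body.
DST = bytes.fromhex("0200000000aa")
SRC = bytes.fromhex("0200000000bb")


def tagged_frame(pcp, vid, ethertype=0x0800):
    tag = struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vid, ethertype)
    return DST + SRC + tag + b"\x00" * 46


def untagged_frame(ethertype=0x0800):
    return DST + SRC + struct.pack("!H", ethertype) + b"\x00" * 46


# UNI A as on slide 19: VLAN 2 -> Red EVC, VLAN 1 -> Blue EVC. Assumed, since
# the slide does not say: untagged/priority-tagged frames get CE-VLAN ID 4094,
# which is mapped to a third EVC called "Green EVC" here.
UNI_A = UniIngress(untagged_ce_vlan_id=4094,
                   vlan_to_evc={2: "Red EVC", 1: "Blue EVC", 4094: "Green EVC"})
```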

20
CE-VLAN ID Significance
  • CE-VLAN ID MAY only have relevance at a given UNI
  • 47 (@ UNI A) -> EVC1 <- 47 (@ UNI B)
  • 1343 (@ UNI A) -> EVC2 <- untagged (@ UNI B)
  • 187 (@ UNI A) -> EVC3 <- 1343 (@ UNI B)

21
Traffic Engineering Bandwidth profile attributes
  • Different subscribers will have different
    bandwidth needs. Some might require 100 Mb/s,
    others less than 20 Mb/s while some might require
    1 Gb/s
  • Some may prefer to pay as they use for their
    bandwidth needs; they may start with 20 Mb/s and
    at a future date increase their requirements to
    100 Mb/s
  • To accommodate such requirements, MEF defined
    the following bandwidth profile parameters
  • Committed Information Rate (CIR) expressed as
    bits per second
  • Committed Burst Size (CBS) expressed as bytes
  • Excess Information Rate (EIR) expressed as bits
    per second
  • Excess Burst Size (EBS) expressed as bytes
  • Coupling flag (CF) must have either value of 1 or
    a 0
  • Color Mode (CM) must have only one of the two
    possible values
  • Color Blind
  • Color Aware
  • These profile attributes form the basis of the
    Service Level Agreements
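Added example (my code, not MEF's specification) that uses the six attributes on slide 21 to color ingress frames green, yellow or red, which is how the SLA built on these attributes is actually enforced at the UNI. The two-bucket semantics, that CF=1 spills unused committed tokens into the excess bucket, and that color-aware mode never promotes a frame are my modelling assumptions, not text from the slide.

```python
from enum import Enum


class Color(Enum):
    GREEN = "green"    # within CIR/CBS: delivered per the SLA
    YELLOW = "yellow"  # within EIR/EBS: delivered best effort
    RED = "red"        # exceeds both: discarded at the UNI


class BandwidthProfile:
    """Two token buckets, one per rate: Bc is refilled at CIR up to CBS bytes,
    Be at EIR up to EBS bytes. CF=1 lets committed tokens that would overflow
    CBS spill into Be. CM selects color-blind (ingress color ignored) or
    color-aware marking, in which a frame can be demoted but never promoted."""

    def __init__(self, cir_bps, cbs_bytes, eir_bps, ebs_bytes, cf, color_aware):
        self.cir, self.cbs = cir_bps, cbs_bytes
        self.eir, self.ebs = eir_bps, ebs_bytes
        self.cf, self.color_aware = cf, color_aware
        self.bc, self.be = float(cbs_bytes), float(ebs_bytes)  # buckets start full
        self.last_t = 0.0

    def _refill(self, t):
        dt = t - self.last_t          # frames must be offered in time order
        self.last_t = t
        fill_c = self.bc + self.cir / 8 * dt
        overflow = max(0.0, fill_c - self.cbs)
        self.bc = min(self.cbs, fill_c)
        self.be = min(self.ebs, self.be + self.eir / 8 * dt + self.cf * overflow)

    def mark(self, t, length, ingress_color=Color.GREEN):
        """Color assigned to a frame of `length` bytes arriving at time t (s)."""
        self._refill(t)
        blind = not self.color_aware
        if (blind or ingress_color == Color.GREEN) and length <= self.bc:
            self.bc -= length
            return Color.GREEN
        if (blind or ingress_color != Color.RED) and length <= self.be:
            self.be -= length
            return Color.YELLOW
        return Color.RED


def mark_burst(profile, frames):
    """Run (time_s, length_bytes[, ingress_color]) tuples through a profile."""
    return [profile.mark(*f).value for f in frames]
```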

22
Bandwidth Profiles defined in three ways
Bandwidth Profile defined on a per Ingress UNI basis
23
Bandwidth Profiles defined in three ways
Bandwidth Profile defined on a per EVC basis
24
Bandwidth Profiles defined in three ways
Bandwidth Profile defined on a per EVC and CE-VLAN
CoS basis: the most granular attributes allowed
25
Ethernet Services over public WAN: Work being
done at ITU-T
26
Summary of Ethernet types of Services

Connectivity    Resource sharing   Service type
Point-to-point  Dedicated          EPL (Ethernet Private Line)
Point-to-point  Shared             EVPL (Ethernet Virtual Private Line)
Multipoint      Dedicated          EPLAN (Ethernet Private LAN)
Multipoint      Shared             EVPLAN (Ethernet Virtual Private LAN)
27
Ethernet Private Line (EPL) Service
  • EPL is the simplest service that existing
    SONET/SDH transport network can support
  • The desired dedicated bandwidth is allocated,
    enabled by VCAT, LCAS and GFP
  • Mimics a virtual wire connectivity between two
    CEs

28
Ethernet Private LAN (EPLAN) Service
  • Multiple sites either across the street or across
    the globe connected virtually
  • Mesh connectivity using Multi-service
    Provisioning Platform type Network Elements

29
Ethernet Private LAN (EPLAN) Service
  • LAN connectivity made by using centralized
    switch, i.e. the traffic is hauled to a
    centralized switch and then forwarded to the
    respective UNI

30
Ethernet Private LAN (EPLAN) Service
  • Edge node serves as a bridge or a switch to
    provide connectivity between the respective UNIs

31
Reference architecture of a Network Element for
EPL
With present state of the art VLSI technology
most of these functional blocks can fit in a
single VLSI device (minus the optics)
32
How is Ethernet affecting our lives in some other
ways!
  • Example of using Ethernet for a virtual doctor's
    office service
  • Patients in a village can have, from their homes,
    a video conference with their doctor (residing
    somewhere else); example cited from Telenor,
    Norway's Service Provider
  • Doctors can monitor/see intricate operations
    being performed at a hospital across the globe
  • Distance Learning

33
Network Security Architecture
  • Customer's responsibility or Service Provider's?

34
Security Issues Throughout History
  • Breaches in information security have translated
    into catastrophic losses and at times brought
    organizations or nations to their knees
  • As time progressed the techniques for transporting
    sensitive information changed; however, the
    objectives of the sender and of the interested
    interceptor remained the same
  • The sender always tries to ensure message
    assurance
  • The interceptor, on the other hand, keeps trying
    to find innovative ways to decipher the
    intercepted messages

35
Are Metro and Wide Area Networks Safe? A Myth or
Reality?
  • Physical Isolation
  • Does not guarantee data security

36
Are Metro and Wide Area Networks Safe? A Myth or
Reality?
  • Virtual Isolation
  • Data can be easily snooped by unauthorized
    entities

37
Are Metro and Wide Area Networks Safe A Myth or
Reality?
  • Tandem Connection
  • Subscriber does not have any idea who all might
    be carrying its data

38
Are Metro and Wide Area Networks Safe A Myth or
Reality?
  • Snooping of Subscribers' Data by the Carriers
  • Cases have been reported where a Voice over IP
    service provider's data is being blocked by the
    carriers it uses.
  • There are tools available that make data
    snooping, filtering and recording possible

39
Overview of Access Transport Technologies
  • SONET/SDH
  • Widely deployed and is being used for Ethernet
    services
  • 1/10 Gigabit Ethernet
  • Used in greenfield applications
  • Fibre Channel
  • Restricted to Storage Area Networks
  • Native traffic over dark fiber
  • Typically used by large organizations for whom it
    is cheaper to manage their own networks

40
Encryption at Different OSI Layers
  • Three main high speed access protocols
  • SONET/SDH, 1/10 Gigabit Ethernet and Fibre
    Channel
  • Client Mapping of signals over transport protocols

41
Encryption at SONET/SDH Layer
  • Encryption at the SONET/SDH layer
  • Bulk encryption of data of varied traffic types
  • Smaller number of Security Associations (SAs) in
    SONET/SDH
  • Generation of encryption keys and their
    management is easier (due to fewer SAs)
  • For STS-768 (40 Gb/s) using STS-1 granularity,
    the maximum number of SAs will be 768; for
    STS-192, there will be 192 SAs.
  • Due to the lower number of end nodes, the effort
    of authenticating the network elements or nodes
    is significantly reduced.
  • Ease of management of the security infrastructure
    due to the low number of SAs.

42
Encryption of SAN Traffic Over SONET/SDH
  • Latency sensitive traffic: Secure SAN extension
    example
  • Guaranteed delivery: Fibre Channel (FC) based
    SANs do not tolerate frame loss in the network
    beyond what might be expected from BER and
    availability
  • High Throughput: Storage applications are the
    largest drivers of traffic across a network.
  • Low Latency: Storage applications require quick
    response times or performance can suffer.
  • Zero Loss: Loss is unacceptable in a storage
    environment. Retransmissions significantly affect
    application performance